Are Google accounts putting your firm at risk?

by |

Australian businesses are increasingly turning to cloud-based services, including android and Google apps, to save cash, but in doing so they are also reportedly raising the risk to their companies – including having their systems hacked.

At a recent Defcon security conference in Las Vegas, a security researcher showed how rouge apps can take advantage of Google’s “weblogin” feature, which allows users to authenticate themselves on Google websites without having to enter their passwords. This feature can allow attackers gain access to those accounts.

“I know lots of small businesses use Google apps and while they should be made aware of it, many do not see it as a concern they need to deal with,” director of WebSafety NZ, Dean Stewart, said.

Steward believes android devices are more susceptible to malware than other operating systems such as iOS or windows. “The android market has been rumoured to have up to 30% of apps infected with malware,” he said.

Executive director of NetSafe, Martin Cocker, adds: “At any given time, each platform suffers from vulnerabilities that can be exploited. Often it is not the operating system that is targeted. In this case we're talking about the exploitation of a convenience service (single log on) - rather than exploiting a vulnerability,” he added.

“The use of cloud-based services, including Google apps, is definitely increasing quickly … The challenge really arises when these services are blended into existing ICT systems without proper consideration of the security impact,” said Cocker.

At the end of the day, it is best not to rely on users to protect valuable business data – regardless of what devices and services they are using, he adds. “It is hard to protect the various devices people bring into the organisation. It often makes sense to protect the organisations data and information by establishing protocols on how it can be accessed, by whom, and when,” said Cocker.

 

 

 

  • Steve Pretzel on 8/08/2013 11:31:43 AM

    In the long term, Google may have made a serious strategic mistake in opening up the 'convenience' of allowing users to sign in to any number of third party apps with the Google apps credentials.

    The potential for Google Apps in the enterprise would be much greater if a Google Apps sign-in is for Google Apps only. Can't wind back the clock now, but maybe there can be another layer of security added for enterprise users?

Corporate Risk & Insurance forum is the place for positive industry interaction and welcomes your professional and informed opinion.

Name (required)
Comment (required)
By submitting, I agree to the Terms & Conditions